[Mono-bugs] [Bug 79741][Wis] Changed - signcode creates bad signature when data follows the last PE section

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Thu Dec 14 15:24:38 EST 2006 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=79741

--- shadow/79741	2006-12-11 18:40:53.000000000 -0500
+++ shadow/79741.tmp.23232	2006-12-14 15:24:38.000000000 -0500
@@ -1,13 +1,13 @@
 Bug#: 79741
 Product: Mono: Class Libraries
 Version: unspecified
 OS: All
 OS Details: 
-Status: ASSIGNED   
-Resolution: 
+Status: RESOLVED   
+Resolution: FIXED
 Severity: Unknown
 Priority: Wishlist
 Component: Mono.Security
 AssignedTo: sebastien at ximian.com                            
 ReportedBy: elevine at gmail.com               
 QAContact: mono-bugs at ximian.com
@@ -71,6 +71,30 @@
 
 ------- Additional Comments From sebastien at ximian.com  2006-12-11 18:40 -------
 I can verify MS-generated signature on helloworld.exe (first test
 case, built with mingw) using Mono chktrust. This means our hash
 calculation is correct, at least in this case, as the code path for
 signcode is a little different.
+
+------- Additional Comments From sebastien at ximian.com  2006-12-14 15:24 -------
+Fixed in SVN r69502. Both cases looks similar, extra data after the
+EXE, but required different fixes.
+
+The first case has a (deprecated) COFF debug information and while the
+document is very clear that any debug data must be after the attribute
+certificates (authenticode signature) it doesn't seems to apply to
+COFF debug info (MS put the signature after the COFF stuff).
+
+FIX: COFF debug is deprecated. Mono's signcode will strip this data,
+if present, when signing (i.e. I'm not gonna include a COFF parser as
+this feature is unused anywhere else inside Mono).
+
+The Nullsoft installer EXE is different. There is extra data but it
+isn't "registered" anywhere in the headers (if falls outside all
+sections). The old code would have worked, except that the alignement
+(on 8 bytes) was bad.
+
+The good news is that this allowed me to refactor the existing code
+and fix another issue (when using a test certificate created with MS
+makecert "Root Agency").
+
+Thanks for the report, the updated documentation and the samples!

More information about the mono-bugs mailing list